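I am trying to set up a private Docker registry secured with the token method. The authentication server it hits is a dedicated authentication server. When I try to log in, I get this error: level=info msg="unable to get token signing key"
I can see the JWT token being generated and returned from the authentication server.
Docker registry configuration: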
version: 0.1
log:
  accesslog:
    disabled: false
  level: info
  fields:
    service: registry
    environment: development
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  host: https://127.0.0.1:5000
  addr: 0.0.0.0:5000
  debug:
    addr: 0.0.0.0:5001
  secret: notasecret123
  tls:
    certificate: /certs/registry.crt
    key: /certs/registry.key
  headers:
    X-Content-Type-Options: [nosniff]
auth:
  token:
    realm: https://localhost:3443/dockerauth
    service: https://localhost:5000
    issuer: https://localhost:3443
    rootcertbundle: /certs/registry.crt
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
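JWT signing:
// Imports needed by the snippet
var fs = require('fs');
var jwt = require('jsonwebtoken');

var i = 'https://localhost:3443'; // issuer
var s = 'registry';               // subject
var a = 'https://localhost:5000'; // audience
var signOptions = {
  issuer: i,
  subject: s,
  audience: a,
  expiresIn: "1h",
  algorithm: "RS256"
};
// Private key used to sign the token
var registryKey = fs.readFileSync('/app/bin/keys/registry.key');
// payload is built elsewhere; it is not shown in the post
var token = jwt.sign(payload, registryKey, signOptions);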
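I tried creating an RSA public/private key pair to sign the JWT token and then setting rootcertbundle to the public RSA key, but I got an error indicating that I need a PEM certificate. So I created a PEM certificate and ran into the same error I started with.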
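
A diagnostic sketch for the setup described above, as an added example that is not part of the original post and not the registry's own code: it lists which key-locating header fields (x5c, jwk, kid) a token carries and computes a libtrust-style key ID from a PEM key or certificate. It assumes the registry's token verifier finds the signing key through one of those header fields and matches kid against fingerprints of the keys in rootcertbundle; the key pair and the helper names libtrustKeyId, signToken and keyHints are constructed for the example.

```javascript
// Added example; Node built-in crypto only. Assumption: the registry locates
// the signing key via the x5c, jwk or kid header field. The key pair is
// generated here (constructed sample), not the registry.key from the post.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// libtrust-style key ID: SHA-256 of the DER SubjectPublicKeyInfo, first 30
// bytes, base32, written as 12 colon-separated groups of 4 characters.
// Accepts a PEM public key, private key or X.509 certificate.
function libtrustKeyId(pem) {
  const der = crypto.createPublicKey(pem).export({ type: 'spki', format: 'der' });
  const digest = crypto.createHash('sha256').update(der).digest().subarray(0, 30);
  const alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
  let bits = '';
  for (const byte of digest) bits += byte.toString(2).padStart(8, '0');
  const chars = bits.match(/.{5}/g).map((b) => alphabet[parseInt(b, 2)]).join('');
  return chars.match(/.{4}/g).join(':');
}

// Sign an RS256 JWT by hand so the protected header is fully under our control.
function signToken(header, claims, privateKeyPem) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(crypto.sign('sha256', Buffer.from(input), privateKeyPem))}`;
}

// List which key-locating header fields a token carries.
function keyHints(token) {
  const header = JSON.parse(Buffer.from(token.split('.')[0], 'base64url').toString());
  return ['x5c', 'jwk', 'kid'].filter((field) => header[field] !== undefined);
}

const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
// Claims mirror the issuer, subject and audience used in the post.
const claims = { iss: 'https://localhost:3443', sub: 'registry',
  aud: 'https://localhost:5000', exp: Math.floor(Date.now() / 1000) + 3600 };
const bare = signToken({ typ: 'JWT', alg: 'RS256' }, claims, privateKey);
const kid = libtrustKeyId(publicKey);
const withKid = signToken({ typ: 'JWT', alg: 'RS256', kid }, claims, privateKey);

console.log('no hints :', keyHints(bare));
console.log('with kid :', keyHints(withKid), kid);
```

With the jsonwebtoken library used in the post, the keyid sign option sets the kid header.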